Givgive Privacy Policy

1. General

This Privacy Policy applies to the online platform Givgive (“Website”) and to the associated app (“App”) (the Website and the App are jointly referred to as the “Platform”).

The data controller of your personal data is Givgive, Netgive PLC, which has its main office at Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151, Republic of Estonia. The data controller is further referred to as “We”, “Us” or “Givigve”.

We take your privacy extremely seriously. All personal data will be collected, stored and used by us in accordance with the European Union General Data Protection Regulation No. 2016/679 (“GDPR”) and/or other applicable statutory regulations.

The services offered by us via the Website and/or App can function only if we collect, store, transfer, delete and/or otherwise use (“collect and use”) specific data relating to you (“personal data” or “data”). Personal data means all information relating to an identified or identifiable natural person such as your name, date of birth, address, or email address.

This Privacy Policy describes what type of data we collect from you and for what purposes we collect and use it when you use the services offered by Us on the Platform. This Privacy Policy also contains important information on the protection of your data, especially the statutory rights you have in connection with it.

Certain services on our Platform are offered by third-party suppliers. When you use these services, the data protection regulations that govern third-party suppliers will then apply in addition to this data protection statement. Prior to your use of such services, the third-party suppliers may require you to provide permission under the data protection law.

Under applicable data protection laws, Givgive is obligated to inform you about data processing and Givgive fulfills this obligation within this Privacy Policy. This Privacy Policy and any parts of it are not meant as contractual clauses and do not form part of the general terms and conditions (“GTC”) as a contract that is concluded with registered users. Under applicable data protection laws, Givgive can process data that is necessary for the fulfillment of a contract with you or necessary for taking steps at your request prior to entering into a contract (Art. 6 (1) (b) GDPR). References to the GTC should always be understood as information on data processing (Art. 13 and 14 GDPR) and never as clauses that form part of the GTC. By using the Platform and our services, you enter into a legally binding contract between you and Givgive, the conditions of which are described in the GTC.

2. Why and how do we collect and use your personal data?

2.1. To enable you to use the Platform, allow us to provide our services and perform our GTC

We collect and use your personal data to allow you to use our Platform, to provide our services and to fulfill a contract (GTC) with you and above all, to carry out commercial transactions via the Platform, to use the electronic payment system or to leave reviews and communicate with other members. To use these services, you need a Givgive account. For this purpose, you must register as a member on the Website or App.

Most of your personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you. A portion of your data is required to fulfill our legal obligations when you become a member of our Platform. If you do not provide us with this personal data, we will not be able to comply with legal requirements or provide our services.

This data is also used for improvement of the Platform in order to enhance user experience for our members (see 2.2.12).

We collect and use your personal data for these purposes until your Givgive account is deactivated or inactive for five (5) years.

2.1.1. To enable registration on the Platform

When you register as a member on the Platform, you must provide the following data in order to complete the registration procedure and access your Givgive account:

• Username (necessary when you register without a Facebook or Google account);
• Full name;
• Email address;
• ZIP code and address;
• Confirmation that you are aged over 18;

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party or in order to take steps at your request prior to entering into a contract (GTC) (Art. 6 (1) (b) of the GDPR).

We also determine your location based on your IP address at the time of registration.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.2. To authenticate your identity via Google, Facebook or using an Apple ID

If you register using your Google Ireland Ltd. (Ireland), Google LLC (USA) (“Google”) or Meta Platforms Ireland Ltd. (Ireland), Meta Platforms, Inc. (USA) (“Facebook”), or Apple Inc. (USA) (“Apple”) account or later on decide to link your Google, Facebook or Apple account to your Givgive account, you will be transferred from our Platform to the Google, Facebook or Apple website and asked to enter the log-in information for your Google, Facebook or Apple ID account.

If you enter your Google log-in information, Google will share the following data with Givgive from your Google account (you may choose not to provide some data):

• Profile photo;
• Full name;
• Google account ID;
• Email address.

If you enter your Facebook log-in information, Facebook will share the following data with Givgive from your Facebook account (you may choose not to provide your email address):

• Profile photo;
• Full name;
• Email address.
• Facebook account ID

If you enter your Apple ID log-in information, Apple will share the following data with Givgive from your Apple ID account (you may choose not to provide your email address by using Apple’s Private Email Relay Service):

• Full name;
• Email address.
• Apple ID.

The data we obtain from Google, Facebook or Apple will be used to set up your Givgive account. This means that we will use the member name from your Google, Facebook or Apple ID account as your Givgive account member name so that it will be visible to other visitors to the Website and App users. No other data obtained from Google, Facebook or Apple will be visible to anyone on the Platform.

You can, at any time, unlink your Google, Facebook or Apple ID account. This can be done under "My settings" in your Givgive account. If, however, when you initially registered, you did so without linking your Google, Facebook or Apple ID account, you can create such a link later.

Collection and use of personal data is our legitimate interest to enable you conveniently authenticate your identity in order to carry out the registration process or access your Givgive account (Art. 6 (1) (f) of the GDPR).

If, however, when you initially registered, you did so without linking your Google, Facebook or Apple ID account, you can create such a link later.

2.1.3. To enable you to set up your profile information

If you decide to add profile details to the account you create on the Platform, we collect and use the following data when you choose to provide it:

• Full name;
• Gender;
• Year of birth;
• Telephone number;
• E-mail address;
• Address;
• Geolocation;
• ID information;
• Credit card number;
• Selfie photo;
• Metadata of the photo you upload (geolocation, ID number of device, date and time of photo taken, etc.);
• Your items;
• Information that you choose to provide in the “About Yourself” section.

Your profile photo, address, the information you provide in the "About Yourself" section, your items unless they are in a “secret room”, number and user names of neighbors, likes, rating on the platform, and verification fact are visible to other Platform users.

Legal basis for such collection and use of your personal data is our legitimate interest to enable you to set up your profile information and to ensure that other visitors of the Platform could access relevant information you choose to provide (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years. Photo metadata containing personal data is deleted immediately.

2.1.4. To enable you to list your items

If you list items on the Platform, we will collect and use the following data for the purpose of creating, publishing and deleting listings on the Platform (the required information differs depending on the chosen item category):

• Item title;
• Item description;
• Item category;
• Item brand;
• Item condition;
• Item size;
• Item color;
• Item material;
• Item photos;
• Item number;
• Metadata of the photos you upload (geolocation, device ID number, date and time of photo taken, etc.);
• ISBN (when you sell books);
• Information as to whether the item is unisex;
• Price;
• Discount;
• Shipping options;
• Parcel size;
• Reasons for deleting the item.

Legal basis for such collection and use of your personal data is our legitimate interest to enable you to create, publish and delete listings on the Platform when you so decide (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for eighteen (18) months and seven (7) days of inactivity. Deleted items and their photos are stored for 6 months. Photo metadata containing personal data is deleted immediately.

2.1.5. To enable notifications on the Platform for you

When you are a registered member on the Platform, we will provide you with notifications on the Platform regarding your new neighbors, your favorited items, your activity on the forum and other important messages.

Legal basis for the collection and use of data for the purposes of sending you notifications via the Platform’s messaging system is the performance of a contract (GTC) to which you are party (Art. 6(1)(b) of the GDPR), and the legal basis for sending you push notifications is our legitimate interest to facilitate sales on the Platform (Art. 6(1)(f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.6. To enable you to communicate with other members

If you communicate with other members on the Platform, we collect and use the following data:

• Name of the member with whom you are communicating;
• Messages;
• Date and time of messages;
• Shared photos;
• Your device;
• Information as to whether another member has seen your message;
• Other data submitted in messages.

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years. If you decide to remove a message from a conversation, it will be instantly hidden for you and the recipient, and permanently deleted after three (3) months from the moment you remove it. Legal basis for storing the removed message data is our legitimate interest to ensure the safety of our Platform and our members (Art. 6 (1) (f) of the GDPR).

2.1.7. To enable you to leave reviews for other members on the Platform

If you leave reviews for other members, Givgive collects and uses the following data for the purpose of making the reviews publicly available on the Platform:

• Review;
• Rating;
• Member name;
• Date and time of the review;
• Replies to the review.

Legal basis for such collection and use of your personal data is the legitimate interest of our members and Givgive to build trust among Givgive members (Art. 6 (1) (f) of the GDPR).

You can, at any time, edit or delete your reviews left for other members.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years. The reviews are subsequently anonymized.

2.1.8. To receive reviews from other members

When you receive reviews from other members, we will collect and use the following data for the purpose of making the reviews publicly available on the Platform:

• Review;
• Rating;
• Member name;
• Date and time of the review;
• Your reply to the review.

Legal basis for such collection and use is the legitimate interest of our members and Givgive to build trust among Givgive members (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.9. To enable you to post in the area news and discuss with our community

The Givgive forum is where our community comes to talk and help each other by sharing experience and news. You can create new forum topics or post comments in our forum. We collect and use the following data which you voluntarily submit on the Platform:

• Your member name;
• Your picture;
• Your posts;
• Photos shared in your post;
• Date and time of your post;
• Total number of your posts on the Platform;
• Likes under your post.

Legal basis for such collection and use of your personal data is the fulfillment of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR) as well as the legitimate interest of our members to have a platform for communication (Art. 6 (1) (f) of the GDPR).

You can delete and edit your own forum topics and posts at any time.

Unless you delete your forum topics or posts beforehand, we collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.10. To address your public feedback about us

If you leave a public review or other feedback about the Platform, we collect and use the following data for the purpose of addressing your feedback:

• Full name;
• Country;
• Language (if you leave your feedback on the App Store or Google Play);
• Feedback;
• Date and time of feedback;
• Link to feedback;
• Technical data related to browser, device type and operating system (if you leave your feedback on the App Store or Google Play).

The legal basis for such collection and use is our legitimate interest to manage Givgive’s reputation (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose for up to 4 months.

2.1.11. To send you important communication regarding the Platform

If you register on the Platform, we will send you emails and messages via the Platform’s messaging system for the purpose of providing important notifications such as GTC, Privacy Policy changes.

Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR) and compliance with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.12. To send you offers via the Platform’s messaging system

If you register on the Platform, we will send you offers related to Givgive services via the Platform’s messaging system (“Offers”).

Legal basis for the collection and use of data is our legitimate interest in providing offers to our members (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 regarding the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 81 (2) of Estonian Law on Electronic Communications).

In order to send Offers, Givgive uses the service provider, Braze, Inc. (USA), established outside the European Economic Area. In this case, personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.1.13. To provide you with customer support service

If you send us a query, request, or want to appeal our decision, we will collect and use the following data for the purpose of providing you with customer support services you request on the Platform:

• Full name;
• Email;
• Your profile information;
• Platform usage information;
• Transaction and pay-out information;
• Shipment information;
• Communications;
• Age;
• Gender;
• IP address;
• Session information;
• Item listings, photos, and videos;
• Inquiries;
• Other information submitted by you.

The type of information we collect can vary depending on your inquiry, and on whether or not you have an account on our Platform.

Legal basis for the collection and use of non-Platform user data is our legitimate interest to properly investigate your request, while the legal basis for the same in relation to users that have an account with us is the execution of the contract to which you have subscribed (GTC) (Art. 6 (1) (b) of the GDPR).

In order to respond to your inquiries, Givgive provides your data to customer support service providers.

The following service providers are operating outside the European Economic Area, which may result in your data being shared with our customer support agents outside the European Economic Area. In these instances, the personal data is protected by the service providers entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

• Transcom Worldwide Italy SPA (Albania)
• Transcom Worldwide Tunis S.a.r.l. (Tunisia)
• Transcom Worldwide SAS (Colombia)
• Helpware Inc. (Ukraine)
• Teleperformance Portugal S.A (Egypt)
• Outsourcia Société par actions simplifiée (Morocco)
• PhoneAct S.A.R.L. (Tunisia)

Personal data collected and used for this purpose are kept for 2 years after the last update related to your inquiry. If you have an account on our Platform and it gets deleted, personal data collected and used for this purpose will be deleted along with your account, which may be shorter than 2 years.

2.1.14. To resolve any purchase-related disputes between members

If you purchase and/or sell items on the Platform and are involved in a dispute with another member, we will collect and use any of your personal data held by Givgive necessary to solve the dispute.

We base such collection and use on a legitimate interest in settling disputes between our members and defending the rights and interests of Givgive (Art. 6 (1) (f) of the GDPR) and, where relevant, compliance with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

Personal data collected and used for this purpose is kept for 1 year after the conclusion of a dispute.

2.1.15. To temporarily retain your deactivated account

If you decide to deactivate your account, we will take all reasonable efforts to make sure it is no longer viewable on the Platform and restrict the use of your personal data. For up to 3 months it is still possible to restore your account if it was accidentally or wrongfully deactivated; in case you change your mind and wish to return to the Platform; in case someone else gains access to your account and deletes it without your knowledge; to protect our Platform against abuse whereby certain members delete their accounts in order to get rid of negative ratings, avoid their obligations or to otherwise circumvent our GTC, thus, violating our and other Platform users’ interests; and/or to prevent malicious activities on the Platform (e.g. multiple accounts created by spammers).

The legal basis for such storage of your data is the legitimate interest of Givgive and our members to restore your account when necessary and/or to prevent abuse and malicious activities on the Platform (Art. 6 (1) (f) of the GDPR); and, where applicable, to comply with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

Personal data is kept for this purpose for 3 months from the date of deactivation of your Givgive account.

After 3 months, we permanently delete your account from our Platform.

2.2. To improve your experience when using the Platform

We collect and use your personal data in order to improve your experience when using the Platform by enabling you to personalize your feed and search results, providing you relevant suggestions and storing your previous searches, sending you notifications and otherwise making the use of Platform more pleasant.

Specific applicable legal basis for the collection and use of your data is described in each section below.

2.2.1. To enable your preferences regarding your feed and search results

We will use the following data for the purpose of presenting you a personalized feed:

• your location;
• preferences you have chosen in Settings.

Legal basis for such collection and use of your personal data is the legitimate interest of Givgive and its members (Art. 6 (1) (f) of the GDPR) to make the Platform more convenient for our members and allow you to see offers from other members that might interest you the most based on your set preferences.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.2.2. To personalize your feed and search results

We also personalize item feeds by evaluating your preferences according to the following:

• Location;
• Language.

Legal basis for such collection and use is the legitimate interest of Givgive and its members (Art. 6 (1) (f) of the GDPR) to make the Platform more convenient for our members and, thanks to personalization, allow you to see offers from other members that might interest you the most.

We collect and use your personal data for this purpose for as long as your account is active.

2.2.3. To improve search results on the Platform

We collect and use data provided in the item listings with no seller-related information in order to improve search results by evaluating the degree of relevance of certain items with respect to a specific search keyword and to automatically suggest relevant categories for new listings. For this, we only use the item listing without any link to the owner.

Legal basis for such collection and use is our legitimate interest in improving the Platform and ensuring that our members receive relevant suggestions and search results (Art. 6 (1) (f) of the GDPR).

Givgive uses service providers who provide data analysis services to Givgive.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for 5 years.

2.2.4. To save your recent searches

In order to help you find previously searched items on the Platform, we save your search keywords. We collect and use the following data for the purpose of providing information about newly listed items on the Platform based keywords from your previous searches:

• Your search history (most recent keyword searches);
• Date and time of your search;
• Number of newly listed items.

Legal basis for such collection and use is the legitimate interest of our members and Givgive to improve search results on the Platform (Art. 6 (1) (f) of the GDPR).

You can delete your search history at any time.

Unless you delete your search history earlier, we collect and use your personal data for this purpose for up to 6 months.

2.2.5. To notify owner when you liked their items

If you liked an item on the Platform, Givgive will inform the seller that you have liked their item.

Legal basis for such collection and use is the legitimate interest of our members and Givgive in facilitating sales on the Platform (Art. 6 (1) (f) of the GDPR).

Owner can disable these notifications by logging in to the Platform, going to Privacy Settings and changing the appropriate settings.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.2.6. To allow you to follow other members

If a member you followed listed a new item on the Platform, we will notify you about it.

Legal basis for such collection and use of your personal data is our legitimate interest to help members receive timely information about new items of interest to them, thereby facilitating sales on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.2.7. To improve our Platform

Givgive is committed to the Platform’s optimal performance. While the Platform is in use, Givgive gathers information about actions performed on the Platform (button clicks, visiting time, notifications read, other information based on a given business case) and other data described under 2.1, 2.2, 2.5, 2.6 and 5 of this Privacy Policy in order to help us make decisions on how to improve the Platform and make it a better experience for our members.

Legal basis for such collection and use is our legitimate interest in maintaining performance and improving the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.2.8. To conduct surveys

We are always looking for ways to improve your user experience with Givgive. As such, you may be invited to participate in a survey and your feedback may be used. For this purpose, we collect and use the following data:

• User ID;
• Your gender;
• Your age;
• Your region;
• Your responses to our questions (e.g., your satisfaction with the Platform, your needs involving the Platform, problems that you encounter using the Platform).

Legal basis for inviting you to participate in the survey is our legitimate interest in receiving feedback from our members and using it to improve the Platform (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 81 (2) of Estonian Law on Electronic Communications).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.3. To ensure the security of your account and the Platform

Givgive strives to ensure that our member accounts and the Platform itself are secure and protected from cyber-attacks, unauthorized access, and other similar risks.

2.3.1. To track visits to the Platform for security purposes

When you connect to the Website or App, we collect and use the following data (log files), even if you are not logged in to the Website as a member:

• User ID;
• IP address of your device;
• Browser used by your device;
• Content and URLs you connect to;
• Date and time of your connections.

This data is used for security purposes, especially the prevention of cyber-attacks such as data scraps and denial of service attacks and to prevent unauthorized multiple applications.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 3 months.

2.3.2. To verify your account in case of suspicious activity related to your account

If we detect activity on your account considered to be suspicious by Givgive, we will ask you to perform a basic verification by confirming your email, Facebook or Google accounts. For the purpose of performing a basic verification, we will collect and use the following data:

• Email address; or
• Information received during Facebook or Google authentication (as described 2.1.2 above).

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.3.3. To carry out payment source security checks

As part of the security process, we ask our members to provide verification of their payment source. In order to perform such security checks, Givgive collects and uses the following personal data:

• Username;
• When we perform a payment card security check – information contained in a photo of the payment card: full name, card’s expiration date and the last four digits of the card number, other information visible on the front of the card if the member chooses not to cover it;
• When we perform a bank account security check – information contained in a photo/screenshot of the bank statement listing the most recent charge/charges: date and description of the last Givgive charge, other payment information if the member chooses not to redact other information.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 4 days after the security check is passed.

2.3.4. To prevent fraudulent payments

To ensure secure payments on the Platform and uphold our GTC, we may check payments for any signs of fraudulent activities, such as unauthorized use of credit/debit card or payment information, fake transactions, etc.

If we come across such payments, we take appropriate measures as outlined in our GTC, which may include a thorough review of the transaction, cancellation of the payment, or even blocking the associated member's account.

To detect and cancel suspicious payments, we may use fully automated tools. By doing so, we can prevent fraudulent activities in an efficient and timely manner, ultimately protecting our members from harm. We use means to ensure a high precision rate and accuracy of our automated tools, including manual reviews of automated decisions.

The following categories of data are used to prevent fraudulent payments, including making the automated decisions for detecting and canceling suspicious transactions:

• Credit/debit card data;
• Transaction data;
• Registration data;
• Session data;
• Activity on the Platform data;
• Delivery data;
• Security data.

Legal basis for such collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).

We collect and use your personal data for this purpose for 2 years after the payment verification procedure.

2.3.5. To carry out account ownership checks

As part of the security process, we may ask our members to verify ownership of their Givgive account. To confirm your identity, we will need one of the following as proof:

• A photo/screenshot of your bank statement showing your most recent Givgive charge(s);
• Proof of address: it can be a household utility bill with your name and current address that is no longer than 3 months old (e.g., gas, electricity, water, landline telephone; cellular phone bills are not permitted), or a photo/screenshot of your bank statement showing your billing address;
• A photo of your payment card you used for your purchases on Givgive (the photo needs to showcase the cardholder’s full name, last 4 digits, expiration date, bank name, card type, as well as a handwritten note with your username and current date).

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 3 days from receipt of the proof.

2.3.6. To allow you to report inappropriate behavior or content

If you choose to report inappropriate message, post, member, item, we will collect and use the following data for the purpose of ensuring the security of the Platform and its members:

• Reported content;
• Reporting reason;
• Information provided in the report;
• Date and time of your report.

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose for 14 months from the receipt of your report.

2.3.7. To report suicidal posts

In exceptional cases, where we notice suicidal posts on our Platform, we may report them to the police. In such cases we will collect and use and disclose the following data for the purpose of reporting suicidal posts:

• Username;
• E-mail address;
• Full name;
• IP addresses and last logins;
• Telephone number (if verified);
• Print screen/link of forum post or thread where the suicidal declaration appears.

Legal basis for such collection and use is the protection of your vital interests (Art. 6 (1)(d) of the GDPR).

We collect and use your personal data for this purpose for 7 months after we inform you about our decision regarding the removal of the reported content.

2.4. To supervise compliance with and enforce GTC

Givgive actively supervises compliance with and enforces GTC for the purpose of ensuring the security of your account and that of the Platform.

2.4.1. To identify and prevent malicious accounts and activities

In order to ensure the security of the Platform and its members, Givgive collects and maintains a database of keywords indicating malicious accounts and activities. This database may contain emails, certain words or phrases found in messages, and other relevant data. By matching members’ activity against the keywords in the database, we can identify and prevent bad actors more effectively. The legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). The database entries containing personal data are retained for 13 months.

2.4.2. To enforce spam filtering

In order to protect our members and the Platform, we use spam filtering tools. These tools include a list of keywords that are commonly associated with spam. If your messages include these keywords, they are stopped by the above-referenced tools and reviewed manually before being sent to other members. Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.4.3. To moderate your activity on the Platform

In order to ensure the security of the Platform and its members we regularly moderate your activity on the Platform. We may check your listings automatically or we may check your listings, comments, and messages upon receipt of reports from other members or third parties. If you communicate with another Givgive member via private message and either you or another member sends us a report or escalates a transaction, we collect and use information contained in your communications to check for potential violations of our GTC. Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.4.4. To delete or hide content that is illegal or violates our GTC

If you upload content (listed items, profile description, messages, etc.) on our Platform that is illegal or violates our GTC, we will remove or hide the same. However, we will retain the deleted content as proof of the violation. Legal basis for such collection and use is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR); or if this is necessary in order to comply with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR) Deleted content is kept for 7 months from the decision regarding the removal.

2.4.5. To detect and lock compromised accounts

In order to protect our members and the Platform, we regularly check for suspicious activities to detect compromised accounts. If we determine that your account may be compromised or at your request, we may lock your account. Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years. If your account is locked and then unlocked, we retain your data for two (2) years after unlocking your account. If your account remains permanently locked, we retain your data for this purpose for five (5) years after your last activity on the Platform.

2.4.6. To suspend members

If you send too many messages in a short period of time, you may get suspended for between one (1) and six (6) hours. For this purpose, Givgive collects and uses the time and duration of the suspension. Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.4.7. To enforce bans

If you violate Givgive GTC in a way that results in your ban, we will use the reason for your ban, its time and your profile data. Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). Personal data collected and used for this purpose is kept for seven (7) months from the time you were blocked.

2.4.8. To enforce IP blocks

If there are signs of cyber-attacks or other risks to the Platform’s security coming from your IP address, in order to protect the platform, we will collect and use your IP address and block it. Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR). Personal data collected and used for this purpose is kept for three (3) months.

2.4.9. To restrict the fraudulent use of payment instruments

If there are signs of any fraudulent activity with your payment instrument (e.g. credit/debit card), we will collect and use your payment instrument and order data to protect the Platform by restricting the use of your payment instrument. The legal basis for such collection and use is our legitimate interest to protect the Platform and its members and ensure its security and the legitimate interest of our members to keep them safe on the Platform (Art. 6 (1) (f) of the GDPR). Personal data collected and used for this purpose are kept for the duration of the restrictions applied.

2.4.12. To verify suspected minor account ownership

As the Platform is not intended for use by persons who are under 18 years of age (GTC), their parents/guardians can submit a report stating that an account belongs to a minor and request that we block said account.

For this purpose, a parent/guardian needs to provide the following information:

• Parent’s/guardian’s full name;
• Account holder’s (who is, presumably, a minor) username, full name, and age;
• Proof of parental authority (that is, identical surname or authority to represent the minor in a particular contractual relationship).

Once received, we will reach out to the account holder and ask for proof of identity and age. We will then check whether this data matches the information provided by a parent/guardian.

Copies of the following documents may serve as proof of identity for the purposes of verifying whether the account holder is a minor:

• Identity or residence card;
• Passport;
• Driving license;
• Student ID card;
• Social health insurance card;
• Public transport pass;
• Bank statement.

You may redact other personal information within the documents that is not necessary for age verification purposes (e.g. ID number, photo, address, etc.). Legal basis for the collection and use of data of a parent/guardian is our legitimate interest to verify suspected minor account ownership and to ensure compliance with our GTC (Art. 6 (1) (f) of the GDPR). Legal basis for the collection and use of data of the account holder is the performance of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR). Personal data collected and used for this purpose are kept for 2 years. The copies of uploaded documents are deleted within 3 days of receipt.

2.5. To Enable Your Payment for Items

Payments made on the Platform are carried out via payment service providers that offer payment processing and escrow services. Most of your personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you (Art. 6 (1) (b) of the GDPR). Part of your data is required to fulfill our or our payment service providers’ legal obligations when you are a member of our Platform (Art. 6 (1) (c) of the GDPR). If you do not provide us with this personal data, we or our payment service providers will not be able to comply with legal requirements nor will we be able to provide our services. This data is also used for the improvement of the Platform to make it a better experience for our members (see 2.2.12).

2.5.1. To Allow You to Make a Purchase or Add a Payment Card for Payment Purposes

• Full name
• First six and last four digits of your payment card number
• Expiration date

When you add a payment card or purchase an item or our extra services via the Platform, the relevant payment service provider receives the following data:

• Payment card holder’s full name
• Payment card number
• Expiration date
• Security code (CVV/CVC) number

Legal basis for the collection and use of data is the fulfillment of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

If you agree, we will store your bank card details for future use.

Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.5.2. To Allow You to Add a Bank Account for Withdrawal Purposes

• Account holder’s full name
• Account number
• Address

Legal basis for the collection and use of data is the fulfillment of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years.

2.5.3. To Issue Refunds

If you ordered an item and it never arrived, arrives damaged, or is not as described, and you issue a claim, we collect and use the data used to make a purchase (see 2.5.1 and 2.5.4) for the purpose of issuing a refund.

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

Transaction data is kept for 13 months from the day of the transaction.

2.5.9. To Keep Financial Records

If you participate in purchase-sale and/or other transactions when using the Platform, Givgive will collect and use the following data in order to carry out its accounting-related duties:

• Full name
• Username
• Address
• VAT identification number (where applicable)
• Bank account number
• IP address
• Invoice data
• Payment information
• Compensations
• Chargebacks
• Shipping information

This is necessary in order to comply with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

Financial regulations require us to keep accounting documents that confirm the transactions for 10 years. The data used to determine the location of transactions is kept for 4 years.

2.6. To Carry Out Marketing Activities

Givgive seeks to involve our members in marketing campaigns that benefit our members. At the same time, we wish to present you with marketing material that is both relevant and engaging.

2.6.1. To Send You Marketing Emails

You can register for our newsletter and for other marketing emails ("Marketing Emails"). When you register, we will ask you for your permission to use your email address to send you Marketing Emails containing the latest information on our products and services, especially regarding goods available on the Platform, special offers, and marketing campaigns. If, upon registration, you do not give your permission, you can change your mind at any time and agree to receive Marketing Emails by changing the settings on your Givgive account.

Legal basis for the collection and use of data is your consent (Art. 6 (1) (a) of the GDPR, Art. 81(1) of Estonian Law on Electronic Communications).

You can grant or revoke your consent to receive Marketing Emails at any time with future effect. In your Givgive account, you can adjust your settings to choose what emails you wish to receive or disable the receipt of further Marketing Emails. Alternatively, you can click "Unsubscribe" at the end of the Marketing Email. Revoking your consent will not affect the legality of the collection and use carried out prior to withdrawal of your consent.

Givgive uses the service provider, Braze, Inc. (USA), established outside the European Economic Area, to send Marketing Emails. In this case, the personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Givgive account is deactivated or inactive for five (5) years or until you revoke your consent.

2.6.2. To Personalize Marketing Communications

To show you more relevant marketing messages and ads on our Platform, we may personalize them using the data provided during registration (see above under 2.1.1, 2.1.2, and 2.1.3), as well as data related to your Givgive account (see 2.2), your activity on our forum (see 2.1.10), your log files (see 2.3.1 above), and other means (see 2.7.7).

To personalize marketing messages to you, we use service provider Braze, Inc. (USA) which is established outside the European Economic Area. In this case, the personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We may also use your personal data to display personalized Givgive ads on third-party platforms such as Google, YouTube, Instagram, or Facebook. For this purpose, we may share your email address, phone number, IP address, and Facebook ID with Meta, Inc. (USA) and your email address with Google, Inc. (USA). In this case, the personal data is protected by the third-party platforms entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

Legal basis for such collection and use is our legitimate interest to present you with marketing messages and ads that we consider relevant to you (Art. 6(1)(f) of the GDPR).

We collect and use your personal data for this purpose until the deactivation of your Givgive account or for 5 years of inactivity on your account.

2.6.3. To Allow You to See Personalized Advertisements

Upon your consent, Givgive will allow advertising service partners to collect your IP address and/or mobile device identifier and place their cookies on your devices and then use the data to personalize advertisements presented to you. This means that with your consent, you will receive advertisements based on your interests and your activity on the Platform. Namely, advertising service partners will collect and use the following data:

• IP address of the connection
• Mobile Device ID
• Advertising ID
• Information on websites browsed by the visitor - list of pages and products viewed, clicked, put in a basket, or bought the Platform
• URL of the pages viewed by the visitor (“referrer”)
• URL of the previous page viewed by the visitor
• Technical information related to the browser, device type, and visitor operating system version (“user-agent”)
• Timestamp (date, time)
• Information about the possible relationships among different browsers and devices
• Other information collected by a particular advertisement services provider

Legal basis to conduct this is Art. 61(4) of Estonian Law on Electronic Communications. To the extent that it involves personal data, we base such collection and use on your consent (Art. 6 (1) (a) of the GDPR).

You can choose not to receive personalized marketing and advertisements at any time by changing relevant settings on the Platform. Withdrawal of permission will not affect the lawfulness of the collection and use carried out prior to the withdrawal of permission.

To enable our service providers to show you personalized advertisements, your data is used by partners who provide personalized advertisement services. Information is collected for this purpose by advertising service partners and is not stored by Givgive.

2.6.4. To Manage Our Social Media Profiles

If you are interested in our activity and follow our profiles on social media, we collect and use the following data about you in order to manage our social networking sites:

• Full name
• Email address
• Gender
• Country
• Picture
• Message
• Time and date the message was received
• Content of the message
• Message attachments
• Response to the message
• Message response time
• Information about our rating
• Comments on a post
• Post shares
• Information about post reactions

Legal basis for such collection and use is our legitimate interest to manage our social media profiles (Art. 6(1)(f) of GDPR).

In order to manage our social media accounts, we receive and provide data to social media platform operators.

The following social media platform operators are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases, personal data is protected by the operators entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

• LinkedIn Corporation (USA)
• Google LLC (USA)
• Meta Platforms, Inc. (USA)

Personal data collected and used for this purpose are kept as long as you are registered on a specific social media network.

Joint Controllership with Facebook (“Page Insights”)

Givgive operates a so-called fan page on the social media platform of Facebook. Facebook and Givgive are only jointly responsible for the processing of so-called "insights data" (Art. 26 (1) sentence 1 of the GDPR) insofar as this data is used for the creation of so-called "page insights" and only for the data collection phases from Givgive's fan page until its transmission to Facebook. For other data processing, Givgive and Facebook are separately responsible for data processing.

Within the scope of their joint controllership, Givgive and Facebook have entered into an agreement (referred to as the "page insights controller addendum"). The agreement covers the data processing that is collected and used in connection with a visit or interaction with our fan page, but only to the extent that this data is also (subsequently) processed for "page insights". "Page insights" includes analysis services that help us to better understand interactions on our site. In this context, we do not receive any personal data from Facebook, only an anonymous evaluation and illustration. Facebook provides more information on this on its help page for "page insights". The information about data for "page insights" explains how "insights data" is collected and used to create "page insights". This includes the following actions:

• Views and interactions with a page, post, video, story, or other content associated with a page;
• Subscribing or unsubscribing to a page;
• Reactions to a page or a contribution (e.g. a "like"; recommendation, share, comment, subscription, etc.);
• Hiding a page contribution or reporting it as spam;
• Moving the mouse over a link to a page or the name or profile picture of a page to see a preview of the page contents;
• Clicks on the website, phone number, "route planning" button or any other button on a page;
• Views of an event of a page, reactions to an event (including the type of reaction), clicks on a link for event tickets;
• Starting a messenger conversation with the page;
• Views or clicks on articles in a website shop;
• IP address as well as other information that is available on your end device in the form of cookies.

The processing of visitor data from our fan page serves the purpose of providing the page itself as well as the statistical evaluation of the use of our page. This evaluation is made anonymous for Givgive. The legal basis for data processing is Art. 6 (1)(f) of the GDPR. Our legitimate interests in the processing of personal data when visiting the site and the creation of "site insights" consist of presenting the company and the Platform. Similarly, we also seek to contact members and interested parties in order to provide information on products and promotions, as well as for the collection of data in order to generate anonymous evaluations and illustrations on the use of our fan page.

If you wish to exercise your rights with respect to your data (see bullet point 6. below), contacting Facebook directly is the most effective way. You can contact us if you still need help in exercising your rights. In accordance with our agreement, Facebook assumes primary responsibility for fulfilling the obligations for the joint processing of "insights data". This includes fulfilling the following rights:

• The right to access (Art. 15 of the GDPR);
• The right to ratification (Art. 17 of the GDPR);
• The right to restrict processing (Art. 18 of the GDPR);
• The right to data portability (Art. 20 of the GDPR); and
• The right of objection (Art. 21 of the GDPR).

Facebook provides more details on how to exercise these rights in the "page insights data" information.

Joint Controllership with LinkedIn

Givgive operates a so-called company page on LinkedIn, the social media platform. LinkedIn and Givgive are only jointly responsible (Art. 26 (1) sentence 1 of the GDPR) for the processing of so-called "insights data", enabling us to receive anonymized statistics and insights on how visitors interact with our page. For other data processing, Givgive and LinkedIn are separately responsible for data processing.

Within the scope of the joint controllership, Givgive and LinkedIn have entered into an agreement (referred to as the "Page Insights Joint Controller Addendum") in which the data protection obligations are allocated between LinkedIn and Givgive. The agreement stipulates the following:

• LinkedIn is responsible for enabling you to exercise your rights pursuant to the GDPR. In order to do so, you can contact LinkedIn online via https://www.linkedin.com/help/linkedin/ask/PPQ or via the contact information in the data protection guidelines. You can contact LinkedIn Ireland’s Data Protection Officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also reach out to us using the contact information mentioned below to exercise your rights with respect to the processing of your personal data for insights. In such a case, we will forward your request to LinkedIn.
• LinkedIn and Givgive have agreed that the Irish Data Protection Commission shall be the responsible supervisory authority monitoring the processing for insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

The data processing of LinkedIn company page visitors serves to provide the page itself as well as the statistical evaluation of the use of our page. This evaluation is made anonymous for Givgive (LinkedIn does not share personal data with us when providing us with the insights, we only have access to a summarized version of the insights; also, we are unable to make conclusions about individual members based on information in the insights). The legal basis for the processing of your personal data is Art. 6 (1)(f) of the GDPR. Our legitimate interests in the processing of personal data when visiting the site and the creation of the "insights" consist of presenting the company and the Platform and, for example, contacting members and interested parties and providing information about products and promotions, as well as the collection of data for the creation of anonymous evaluations and illustrations on the use of our company page.

2.7. For Legal Purposes

2.7.1. To Handle Your Requests Related to Personal Data

If you exercise your statutory rights regarding your data (see 6 below), we will collect and use the data contained in your request in addition to any other personal data held by Givgive for the purpose of examining the request, responding to it and, when necessary, taking necessary action.

This is necessary in order to comply with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

Personal data collected and used for this purpose are kept for two (2) years from the day we respond to your request.

2.7.2. To Provide Information to Law Enforcement and Other State Institutions

If we have reasonable grounds to suspect that you are involved in illegal activities or if we receive an order from a public authority regarding this (e.g. requiring us to remove illegal content posted by you), we will collect and use the data that is necessary in order to notify the law enforcement and other state institutions, or to execute the order.

Givgive also provides the above data to law enforcement and other state institutions when we receive requests for information in relation to investigations carried out by these institutions.

This is necessary in order to comply with the legal obligations to which Givgive is subject (Art. 6 (1) (c) of the GDPR).

Personal data is required to fulfill our legal obligations when you are a member of our Platform. If you do not provide us with this personal data, we will not be able to comply with legal requirements.

We collect and use your personal data for this purpose for as long as it is necessary for the ongoing administrative or judicial proceedings, but no longer than 3 years from the last response to the competent authority (except for those cases where the retention period is specified by the authority).

2.7.3. To Defend Our Rights Against Chargebacks

If you have made transactions via our payment service providers, we will collect and use your personal data held by Givgive to the extent necessary to resolve a particular situation.

We base such collection and use of your personal data on a legitimate interest to defend our rights in case a chargeback procedure is initiated against Givgive (Art. 6 (1) (f) of the GDPR).

2.7.4. To Defend the Rights and Interests of Givgive

If you become involved in a dispute with Givgive or we need to carry out enforcement of our GTC or otherwise defend, enforce, exercise and uphold our rights, we will collect and use all of your personal data held by Givgive to the extent necessary to resolve a particular situation.

We base such collection and use on a legitimate interest to defend the rights and interests of Givgive (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 3 years or until the dispute is resolved (including the time limit for appeal, if applicable), or until the investigations/legal proceedings are pending (including the time limit for appealing these investigations/legal proceedings), or until final issuance of the binding decision from the authorized body.

3. Personal data recipients

Givgive transfers or shares personal data with service providers only insofar as necessary and allowed in accordance with applicable laws. Service providers to which your personal data is transferred or with whom it is shared for specific purposes are described under 2 above. In addition, we appoint the following service providers who, as a result, receive personal data as data recipients.

We perform ongoing technical maintenance and upgrades to the Platform to protect the security and confidentiality of personal data we process and to perform certain business-related functions that help make our services available and functional. For this reason, we transfer your profile data to service providers who provide cloud and hosting services, IT security, maintenance and technical services, and communications services.

The following service providers are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases, the personal data is protected by the service providers entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

• Amazon Web Services, Inc. (USA);
• Google LLC (USA);
• Apple Inc. (USA);
• Microsoft Corporation (USA);
• Slack Technologies, Inc. (USA);
• BlackLine Systems, Inc. (USA);
• Chronicle, LLC (USA);
• True Partners Consulting, LLC (USA);
• Arcaris, Inc. (USA);
• Havas Edge, Inc. (USA);
• Cloudflare, Inc. (USA).

We transfer personal data to attorneys, attorney assistants, notaries, bailiffs, auditors, accountants, bookkeepers, debt collectors, consultants, translation agencies, IT service providers, insurance companies, and archiving services that provide services to Givgive.

Additionally, we share data within the Givgive group. Data processed within the Givgive group is transferred to Givgive, insofar as necessary for the management of Givgive group.

Givgive is legally obligated to provide personal and/or usage data to investigative, criminal prosecution or supervisory authorities if and to the extent required to prevent risk to the public and for the prosecution of criminal acts.

Givgive may share your data with third parties when transferring rights and obligations pertaining to the contractual relationship between you and Givgive to such third parties in accordance with the GTC (available via the link: https://www.Givgive.com/terms_and_conditions), in particular in the event of the transfer of a business sector, a merger by way of the creation of a new company, a merger by way of absorption, a de-merger or any changes in control affecting Givgive.

4. Use of cookies

Givgive uses cookies and similar technologies on the Platform. You can find out more by visiting our Cookie Policy.

5. Right of amendment

As our services are constantly evolving, we reserve the right to change this Privacy Policy at any time subject to the applicable regulations. Any changes will be published promptly on this page. You should, nevertheless, check this page regularly for any updates.

6. Conditions of participation in prize games and competitions

In the event of prize draws being held within the platform, Givgive transmits or shares personal data on the official page for summing up the results of the competitions. In order to achieve transparency of the competition and equal conditions for all participants in the drawing:

• Full name
• E-mail address
• telephone

7.Your statutory rights regarding your personal data

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the right at any time:

• to be informed of the data we collect and use and to request access or demand a copy of the data concerned (right to access). You can access any data you actively provided us on the Platform (2.1, 2.5 and 2.6) at any time through your Givgive account;
• to demand the correction of inaccurate data and, subject to the nature of the collection and use, the completion of incomplete data (right to rectification). You can also amend any of the data that you have actively provided us on the Platform (2.1, 2.5 and 2.6) at any time through your Givgive account (except sent messages and any forum posts or reviews);
• subject to just cause, to demand the deletion of your data (right to deletion);
• to demand that the collection and use of your data be restricted, provided the legal criteria are met (right to restrict processing);
• subject to the legal criteria being met, to receive the data you have provided in a structured, current and machine-readable form and to transfer this data to another data controller or, when technically feasible, to have it transferred by Givgive (right to data portability);
• to object to the collection and use of data – only where the collection and use is based on a task carried out in the public interest or in the exercise of a vested official authority (Art. 6 (1)(e) of GDPR) or legitimate interest (Art. 6 (1)(f) of GDPR), including profiling, based on the same data collection and use grounds as explained in other sections of this statement (right to object). You also have the right to object to the collection of your personal data for direct marketing purposes at any time;
• to revoke any permission, you have granted us at any time. Such revocation will not affect the legality of collection and use carried out prior to the revocation and is based on the permission granted. You can revoke your permission to receive our newsletter by changing your Givgive account settings to block the receipt of any further Marketing Emails. Alternatively, you can click "Unsubscribe" at the end of the Marketing Email;
• not to receive discriminatory treatment while exercising your rights.

To exercise any of the rights specified in this section, you can contact Givgive and submit your request using the contact information (7 below).

8. Our contact details

If you have any questions regarding the collection and use of your data as part of your use of the Platform, or regarding your rights, please contact our data protection officer at support@givgive.com.

Givgive data protection officer:

Netgive PLC
Kesklinna linnaosa, Ahtri tn 12
10151 Tallinn
Republic of Estonia